Centos6 配置openvpn,windows客户端
首先安装软件包。
1 yum -y install openvpn easy-rsa
复制配置文件
3 cp /usr/share/doc/openvpn-2.3.2/sample/sample-config-files/server.conf /etc/openvpn
安装一些工具,可以不装
4 yum -y install gcc gcc-c++ autoconf automake libtool gettext lzo lzo-devel pam-devel
初始化证书授权中心（以下 easy-rsa 命令均在 /etc/openvpn/easy-rsa/2.0 目录下执行）
# source ./vars
# ./clean-all
创建CA证书和密钥
./build-ca
创建服务端的证书和密钥
18 ./build-key-server server
6. 创建客户端的证书和密钥
19 ./build-key chenshake
20 ./build-dh
修改系统参数,打开路由包转发功能。
21 vi /etc/sysctl.conf
# Controls IP packet forwarding
# Needed here: the OpenVPN host must forward packets between the tun device and
# eth0/eth1 for the MASQUERADE rule on this page to carry client traffic out.
net.ipv4.ip_forward = 1
# Controls source route verification
# NOTE(review): 0 switches reverse-path filtering off entirely for new
# interfaces. With redirect-gateway, client traffic enters on tun and leaves on
# eth*, which strict (1) rp_filter can drop; loose mode (2) is the narrower
# setting on kernels that support it — confirm before relaxing to 0.
net.ipv4.conf.default.rp_filter = 0
# Do not accept source routing
# NOTE(review): the value below contradicts the comment above — 1 ACCEPTS
# source-routed packets. The stock CentOS 6 sysctl.conf ships this as 0 and
# nothing in the OpenVPN setup on this page requires it; keep 0 unless there
# is a specific reason.
net.ipv4.conf.default.accept_source_route = 1
添加 NAT 功能，使客户端可以通过服务器访问外网。
23 iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
24 /etc/init.d/iptables save
iptables -I INPUT -m state --state NEW -m udp -p udp --dport 1194 -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth1 -j MASQUERADE
service iptables save || iptables-save > /etc/sysconfig/iptables
service openvpn start
修改服务器端配置文件。
38 ls
39 vi server.conf
具体内容如下:
# OpenVPN server configuration as used on this page (CentOS 6, OpenVPN 2.3.x
# sample layout). Lines starting with ';' are the sample's disabled defaults.
;local a.b.c.d
# Bind only to the host's private address. The client profile on this page
# connects to 119.29.3.77 instead — presumably the VM's public/NAT address;
# confirm that it maps to this interface.
local 10.104.54.249
port 1194
;proto tcp
# NOTE(review): the iptables INPUT rule on this page opens udp/1194 only.
# With proto tcp that rule does not admit VPN clients; add a matching
# "-p tcp --dport 1194" rule (or run both sides over udp, the sample default).
proto tcp
;dev tap
dev tun
;dev-node MyTap
ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
# NOTE(review): the key must be readable only by root (e.g. mode 0600);
# the page does not show the permissions easy-rsa left on the keys directory.
key /etc/openvpn/easy-rsa/2.0/keys/server.key # This file should be kept secret
# File name must match what ./build-dh generated (dh<KEY_SIZE>.pem, KEY_SIZE
# from easy-rsa vars) — confirm it really is dh2048.pem.
dh /etc/openvpn/easy-rsa/2.0/keys/dh2048.pem
# NOTE(review): 255.255.0.0 makes this a /16 client pool, but the MASQUERADE
# rule on this page matches only 10.8.0.0/24, so a client assigned an address
# outside 10.8.0.x would not be NATed. Use 255.255.255.0 here (the sample
# default) or widen the NAT rule to /16 — keep the two in agreement.
server 10.8.0.0 255.255.0.0
ifconfig-pool-persist ipp.txt
;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100
;server-bridge
;push "route 192.168.10.0 255.255.255.0"
;push "route 192.168.20.0 255.255.255.0"
# NOTE(review): the next three directives all push a default route. The usual
# form is "redirect-gateway def1 bypass-dhcp" alone (def1 overrides the default
# via two /1 routes and leaves the client's original default in place); the
# plain "redirect-gateway" and the 0.0.0.0/0 route are redundant.
push "route 0.0.0.0 0.0.0.0"
push "redirect-gateway def1 bypass-dhcp"
push "redirect-gateway"
;client-config-dir ccd
;route 192.168.40.128 255.255.255.248
;client-config-dir ccd
;route 10.9.0.0 255.255.255.252
;learn-address ./script
;push "redirect-gateway def1 bypass-dhcp"
# DNS server pushed to clients; needed once all client traffic is redirected
# through the tunnel.
push "dhcp-option DNS 114.114.114.114"
;push "dhcp-option DNS 208.67.220.220"
# Lets VPN clients reach each other through the server. Omit it if clients
# only need the server/internet — it limits exposure between clients.
client-to-client
;duplicate-cn
keepalive 10 120
# NOTE(review): tls-auth is disabled (the client profile on this page has the
# matching line commented out too). Enabling it on both sides (server 0,
# client 1) makes the listener discard packets that lack the HMAC before any
# TLS processing happens.
;tls-auth ta.key 0 # This file is secret
# No active cipher directive, so the default BF-CBC (64-bit block) is used.
# Set an explicit cipher on both sides, e.g. the AES-128-CBC line below.
;cipher BF-CBC # Blowfish (default)
;cipher AES-128-CBC # AES
;cipher DES-EDE3-CBC # Triple-DES
# Compression inside the tunnel; must match the client profile (it does).
# Later OpenVPN releases discourage compressing the encrypted stream.
comp-lzo
;max-clients 100
# NOTE(review): privilege drop is disabled, so the daemon keeps running as root
# after start-up. persist-key and persist-tun below are already set, which is
# what makes user/group nobody workable — uncomment both.
;user nobody
;group nobody
persist-key
persist-tun
status openvpn-status.log
;log openvpn.log
;log-append openvpn.log
verb 3
;mute 20
检查配置文件是否有错误
43 openvpn --config server.conf
启动 openvpn 服务,然后检查端口是否打开。
/etc/init.d/openvpn start
[root@VM_54_249_centos openvpn]# netstat -antu |grep 1194
tcp 0 0 10.104.54.249:1194 0.0.0.0:* LISTEN
tcp 0 2381 10.104.54.249:1194 112.199.95.54:53023 FIN_WAIT1
tcp 0 103 10.104.54.249:1194 27.27.88.241:2650 ESTABLISHED
[root@VM_54_249_centos openvpn]#
最后将客户端需要的文件（ca.crt、chenshake.crt、chenshake.key）复制到客户端配置文件目录。
下面是修改的client.ovpn 配置信息。
# Windows client profile (client.ovpn) matching the server configuration on
# this page. Lines starting with ';' are the sample's disabled defaults.
client
dev tun
;dev-node MyTap
# Must match the server's proto.
proto tcp
# Public address of the server; tcp/1194 must be reachable there. The server
# itself binds 10.104.54.249 — presumably the same host behind NAT; confirm.
remote 119.29.3.77 1194
;remote-random
resolv-retry infinite
# Level 2 lets OpenVPN run built-in executables and user-defined scripts
# (up/down etc.). Nothing on this page defines such a script, so level 1
# (built-ins only) would suffice; raise it only when a script is added.
script-security 2
nobind
# user/group have no effect on Windows; harmless to leave disabled here.
;user nobody
;group nobody
persist-key
persist-tun
;http-proxy-retry # retry on connection failures
;http-proxy [proxy server] [proxy port #]
;mute-replay-warnings
# Paths are resolved relative to the profile's directory — presumably, as the
# page copies these files next to client.ovpn; confirm on the client.
ca ca.crt
cert chenshake.crt
# Private key issued by ./build-key chenshake; transfer it to the client over a
# trusted channel and keep it readable only by the VPN user.
key chenshake.key
# NOTE(review): disabled, so the client does not verify that the presented
# certificate was issued as a *server* certificate; any certificate signed by
# this CA would be accepted as the server. Enable "remote-cert-tls server"
# (or this ns-cert-type line for easy-rsa 2.0 server certs).
;ns-cert-type server
# Disabled to match the server's commented-out tls-auth; enable both together.
;tls-auth ta.key 1
# No cipher directive → BF-CBC default, same as the server; set the same
# explicit cipher on both ends.
;cipher x
comp-lzo
verb 3
mute 20
最后测试拨号 成功,并且,可以正常通过VPN上外网。